APPLE has not yet fixed zero-day exploits on macOS, leaving many Mac computers vulnerable, according to a new report.
Software security company Intego estimates that around 35 to 40 percent of all Mac computers are currently vulnerable to active security flaws.
1
Zero-day exploits often stem from an “in-the-wild” unknown issue and expose a vulnerability in software or hardware that can lead to further problems.
The computers most vulnerable to the exploit are macOS Big Sur and macOS Catalina.
Apple’s macOS Monterey is no longer affected by the issue as the company patched its system up just ahead of the Monterey 12.3.1 launch on March 31.
Two of the active zero-days Apple tackled include CVE-2022-22674 and CVE-2022-22675.
The first exploit (CVE-2022-22674) is a ‘write bug’ that can allow malicious apps to execute arbitrary code.
While the second bug, which is found in the Intel Graphics drivers, could lead to a breach of memory data.
Both of these security flaws affect macOS, but the latter also affects iOS and iPadOS, according to Joshua Long, chief security analyst at Intego.
“This is the first time since the release of macOS Monterey that Apple has neglected to patch actively exploited vulnerabilities for Big Sur and Catalina,” Long said.
Most read in Tech
“The previous three actively exploited vulnerabilities were each patched simultaneously for Monterey, Big Sur, and Catalina.”
Apple has not given any indication that it is addressing the issues on previous versions of macOS, Intego said.
What’s more, an estimated 55–60% of all actively used Macs today are likely running macOS Big Sur or older, “and therefore remain vulnerable to unpatched in-the-wild vulnerabilities,” Intego wrote in a blog post.
The security firm added that users should upgrade their computer to macOS Monterey, assuming it’s compatible with it, as soon as possible to tackle some of the vulnerabilities.
“The average person would never know this, because Apple still releases patches for Big Sur and Catalina, most recently just three weeks ago, on March 15,” Intego said.
“It isn’t obvious to most people that Apple’s patches for these macOS versions are incomplete and leave their Macs vulnerable to serious—and in some cases actively exploited—security bugs.”
The Sun has reached out to Apple for comment but has not heard back at the time of publishing.
We pay for your stories!
Do you have a story for The US Sun team?
This post first appeared on Thesun.co.uk
